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Abstract 



Polynomial system solving is a classical problem in mathematics with a wide range of applications 
which make its complexity a central study in theoretical computer science. Depending on the context, 
solving has different meanings. In order to stick to the most general case, we consider a representation 
of the solutions from which one can easily recover the exact solutions or a certified approximation of 
them. Under generic assumption, such a representation is given by the lexicographical Grobner basis 
of the system and consists of a set of univariate polynomials. The best known algorithm for computing 
the lexicographical Grobner basis is in 0(nD 3 ) arithmetic operations where n is the number of vari- 
ables and D the number of solutions of the system. We show that this complexity can be decreased to 
0(D U ) where 2 < ui < 2.3727 is the exponent in the complexity of multiplying two dense matrices 
and the notation O means that we neglect logarithmic factors. To achieve this result we propose new 
algorithms which rely on fast linear algebra. When the degree of the equations are bounded we propose 
iy5 . a deterministic algorithm. In the unbounded case we present a Las Vegas algorithm. 

1 Introduction 
> 

Context. Polynomial systems solving is a classical problem in mathematics. It is not only an important 
problem on its own, but it also has a wide spectrum of applications. It spans several research disciplines 
such as coding theory H14II32I . cryptography fl9]|26], computational game theory [13,40], optimization [24], 
t^J- \ etc. The ubiquitous nature of the problem positions the study of its complexity at the center of theoretical 

computer science. Exempli gratia, in the context of computational geometry, a step of the algorithm by 
Safey el Din and Schost [2], the first algorithm with better complexity than the one by Canny ifTTI for 
solving the road map problem, depends on solving efficiently polynomial systems. In cryptography, the 
recent breakthrough algorithm due to Joux [26] for solving the discrete logarithm problem in finite fields 
of small characteristic heavily relies on the same capacity. However, depending on the context, solving 
a polynomial system has different meanings. If we are working over a finite field, then solving generally 
means that we enumerate all the possible solutions lying in this field. On the other hand, if the field is 
of characteristic zero, then solving might mean that we approximate the real (complex) solutions up to a 
specified precision. Therefore, an algorithm for solving polynomial systems should provide an output that is 
valid in all contexts. In this paper we present an efficient algorithm to tackle the PoSSo {Polynomial Systems 
Solving) problem, the ouput of which is a representation of the roots suitable in all the cases. The precise 
definition of the problem is as follows: 

Problem 1 (PoSSo). Let K be the rational field Q or a finite field ¥ q . Given a set of polynomial equations 
with a finite number of solutions which are all simple 

S:{fi = --- = f s = 0} 



f UPMC, Universite Paris 06; INRIA, Paris Rocquencouit Center; PolSys Project, LIP6/CNRS; UMR 7606, France; Email 
addresses: Jean-Charles.Faugere@inria.fr, {Louise. Huot,Guenael. Renault} @lip6.fr 

*Universite de Lorraine; LORIA, Lorraine; CARAMEL Project, LORIA/CNRS; UMR 7503, France; Email address: Pier- 
rick. Gaudry@loria.fr 



with fi, . . . , f s £ K[xi, . . . , x n ], find a univariate polynomial representation of the solutions of S i.e. 
h\, . . . ,h n £ IC[x n ] such that the system {x± — hi = ■ ■ ■ = x n -\ — h n -\ = h n = 0} have the same 
solutions as S. 

It is worth noting that enumerating the solutions in a finite field or approximating the solutions in the 
characteristic zero case can be easily done once the underlying PoSSo problem is solved. Actually, from 
a given univariate polynomial representation {x\ — h\ = • • • = x n -i — h n -\ = h n = 0} one just have 
to find the (approximated) roots of the univariate polynomial h n . The algorithms to compute such roots 
have their complexities in function of D, the degree of h n , well handle and in general they are negligible 
in comparison to the cost of solving the PoSSo problem. Note that D is also the total number of solutions 
of the polynomial system. For instance, if IK = ¥ q is a finite field, the enumeration of the roots lying in ¥ q 
of h n can be done in 0(D) arithmetic operations where the notation O means that we neglect logarithmic 
factors in q and D, see [42]. In the characteristic zero case, finding an approximation of all the real roots of 
h n can also be done in 0(D) where, in this case, we neglect logarithmic factors in D, see ll37l . 

A key contribution to the PoSSo problem is the multivariate resultant introduced by Macaulay in the 
beginning of the 20th century [33]. The next major achievement on PoSSo appeared in the 1960s when 
Buchberger introduced, in his PhD thesis, the concept of Grobner bases and the first algorithm to compute 
them. Since then, Grobner bases have been extensively studied (see for instance El [El [23 [40 1) and have 
become a powerful and a widely used tool to solve polynomial systems. A major complexity result related 
to the PoSSo problem has been shown by Lakshman and Lazard in [30] and states that this problem can be 
solved in a simply exponential time in the maximal degree of the equations. As the number of solutions 
can be bounded by an exponential in this degree (Bezout's bound), this result yields the first step toward 
a polynomial complexity in the number of solutions for the PoSSo problem. Whereas for the particular 
case of approximating or computing a rational parametrization of all the solutions of a polynomial systems 
with coefficients in a field of characteristic zero there exist algorithms with sub-cubic complexity in D 

(0(12 n D 2 ) for the approximation, see (36], and O (n2 n D2 J for the rational parametrization, see [d). In 
the best of our knowledge, for the complexity of computing a univariate polynomial representation of the 
solutions, there is no better bound than 0(nD 3 ). The main goal of this paper is to pass over this theoretical 
barrier and thus providing the first algorithm with sub-cubic complexity in D to solve the PoSSo problem. 

Related works. In order to reach this goal we develop new algorithms in Grobner basis theory. Let S be a 
polynomial system in K[x± , . . . , x n ] verifying the hypothesis of ProblemQ] i.e. with a finite number of solu- 
tions in an algebraic closure of IK which are all simple. A Grobner basis is to S what row echelon form is to a 
linear system. For a fixed monomial ordering, given a system of polynomial equations, its associated Grob- 
ner basis is unique after normalization. From an algorithmic point of view, monomial orderings may differ: 
some are attractive for the efficiency whereas some others give rise to a more structured output. Hence, 
the fastest monomial ordering is usually the degree reverse lexicographical order, denoted DRL. However, 
in general, a DRL Grobner basis does not allow to list the solutions of S. An important ordering which 
provides useful outputs is the lexicographical monomial ordering, denoted LEX in the sequel. Actually, for 
a characteristic field or with a sufficiently large one, up to a linear change of the coordinates, a Grobner 
basis for the LEX ordering of the polynomial system S gives a univariate polynomial representation of its 
solutions [23 ,29]. That is to say, computing this Grobner basis is equivalent to solving the PoSSo problemQ] 
It is usual to define the following: the ideal generated by S is said to be in Shape Position when its LEX 
Grobner basis is a polynomial representation of its solutions (i.e. one do not need to apply any linear change 
of coordinates). In a first part of this paper, we will avoid the consideration of the probabilistic choice of the 
linear change of coordinates in order to be in Shape Position, thus we assume the following hypothesis. 



Hypothesis 1. Let S C K[xi, . . . , x n ] be a polynomial system with a finite number of solutions which are 
all simple. Its associated LEX Grobner basis is in Shape Position. 

From a DRL Grobner basis, one can compute the corresponding LEX Grobner basis by using a change 
of ordering algorithm. Consequently, when the associated LEX Grobner basis of the system S is in Shape 
Position i.e. S verifies Hypothesis [T]the usual and most efficient algorithm is first to compute a DRL 
Grobner basis. Then, the LEX Grobner basis is computed by using a change of ordering algorithm. This is 
summarized in Algorithm [Q 

Algorithm 1: Solving polynomial systems 
Input : A polynomial system S C ~K[x\, . . . , x n ] which verifies Hypothesis [Q 
Output: The LEX Grobner basis of S i.e. the univariate polynomial representation of the solutions of 
S. 

1 Computing the DRL Grobner basis of (S); 

2 From the DRL Grobner basis, computing the LEX Grobner basis of (S); 

3 return The LEX Grobner basis of S; 

The first step of Algorithm \T\ can be done by using F4 Ifl6l or F5 ifTTl algorithms. The complexity 
of these algorithms for regular systems is well-handled. For the homogeneous case, the regular property 
for a polynomial system {fi,- ■ ■ ,f s } C K[xi, . . . , x n ] is a generic property which implies that for all 
i € {2, . . . , s}, the polynomial f does not divide zero in the quotient ring K[xi, . . . , x n ]/{fi, • • • , fi-i)- 
There is an analogous definition for the affine case, see Definition |H For the particular case of the DRL 
order, computing a DRL Grobner basis of a regular system in K[x\, ■■ ■ , x n ] with equations of same degree, 
d, can be done in 0(d ujn ) arithmetic operations (see ElE]]). Moreover, the number of solutions D of the 
system can be bounded by d n by using the Bezout's bound. Since, this bound is genetically (i.e. almost 
always) reached i.e. D = d n , computing a DRL Grobner basis can be done in 0(D U ) arithmetic operations. 
Hence, in this case the first step of Algorithm [Q has a polynomial arithmetic complexity in the number of 
solutions with exponent uj. 

The second step of Algorithm Q] can be done by using a change of ordering algorithm. In 1993, Faugere 
et al. showed in [ 19 ] that change of ordering for zero dimensional ideals is closely related to linear algebra. 
Indeed, they proposed a change of ordering algorithm, denoted FGLM in the literature, which proceeds in 
two stages. Let G> 1 be the given Grobner basis w.r.t. the order >i of an ideal in K[xi, . . . , x n ]. First, we 
need for each i G {1, . . . , n} a matrix representation, Tj, of the linear map of K.[x±, . . . , x n ]/ (G> 1 ) — > 
K[xi, . . . , x n ]/(G >1 ) corresponding to the multiplication by Xi. The matrix T\ is called multiplication 
matrix by X{. These matrices are constructed by computing 0(nD) matrix-vector products (of size D x 
D times D x 1). Hence, the first stage of FGLM algorithm (Algorithm 0) has an arithmetic complexity 
bounded by 0(nD 3 ). Once all the multiplication matrices are computed, the second Grobner basis w.r.t. 
the new monomial order >2 is recovered by testing linear dependency of 0(nD) vectors of size D x 1. 
This can be done in 0(nD 3 ) arithmetic operations. This algorithm is summarized in Algorithm [2] In 
consequence, solving regular zero-dimensional systems can be done in 0(nD 3 ) arithmetic operations and 
change of ordering appears as the bottleneck of P0SS0. 

Fast Linear Algebra. Since the second half of the 20th century, an elementary issue in theoretical com- 
puter science was to decide if most of linear algebra problems can be solved by using fast matrix multi- 
plication and consequently bound their complexities by that of multiplying two dense matrices i.e. 0(m u ) 
arithmetic operations where raxmis the size of the matrix and 2 < uj < 2.3727. This upper bound for 
uj was obtained by Vassilevska Williams in fiTTl . For instance, Bunch and Hopcroft showed in [ 10] that the 



Algorithm 2: FGLM 



Input : The Grobner basis w.r.t. >i of an ideal X. 
Output: The Grobner basis w.r.t. >2 of T. 

1 Computing the multiplication matrices T\, . . . ,T n ; n o(nD) matrix-vector products 

2 From T\, . . . , T n Computing the Grobner basis Of X W.r.t. >2, II 0(nD) linear dependency tests 



inverse or the triangular decomposition can be done by using fast matrix multiplication. Baur and Strassen 
investigated the determinant in [3]. The case of the characteristic polynomial was treated by Keller-Gehrig 
in ll27l . Although that the link between linear algebra and the change of ordering has been highlighted for 
several years, relating the complexity of the change of ordering with fast matrix multiplication complexity 
is still an open issue. 

Main results. The aim of this paper is then to give an initial answer to this question in the context of 
polynomial systems solving i.e. for the special case of the DRL and LEX orderings. More precisely, 
our main results are summarized in the following theorems. First we present a deterministic algorithm 
computing the univariate polynomial representation of a polynomial system verifying Hypothesis Q] and 
whose equations have bounded degree. 

Theorem 1.1. Let S = {/i, . . . , f n } C K[xi, . . . , x n ] be a polynomial system verifying Hypothesis\J\and 
let K be the rational field Q or a finite field ¥ q . If the sequence (/i, • • • , /n) I s a regular sequence and if 
the degree of each polynomial fi(i = 1, . . . , n) is uniformly bounded by a fixed integer d then there exists 
a deterministic algorithm solving Problem\l\in 0(d ujn + D u ) where the notation O means that we neglect 
logarithmic factors in D and polynomial factors in n and d. 

Then we present a Las Vegas algorithm extending the result of Theorem II. II to polynomial systems not 
necessarily verifying Hypothesis [Hand whose equations have non fixed degree. 

Theorem 1.2. Let S = {/i, . . . , /„} C K[cci, . . . , x n ] be a polynomial system and let K be the rational 
field Q or a finite field ¥ q . If the sequence (/i, . . . , f n ) is a regular sequence where the degree of each 
polynomial is uniformly bound by a non fixed parameter d then there exists a Las Vegas algorithm solving 
Problem\l}in Old^ 71 + D w ) arithmetic operations; where the notations O means that we neglect logarithmic 
factors in D and polynomial factors in n. 

If IK = Q the probability of success of the algorithm mentioned in Theorem ll.2l is 1 while in the case of a 
finite field ¥ q of characteristic p, the success of the algorithm depends on the size of p and q, see Section IT2l 

As previously mentioned, the Bezout's bound allows to bound D by d n and genetically this bound is 
reached i.e. D = d n . By consequence, Theorem 11.11 (respectively Theorem 1 1.21 means that if the equa- 
tions have fixed (respectively non fixed) degree then there exists a deterministic (respectively a Las Vegas) 
algorithm computing the univariate polynomial representation of generic polynomial systems in 0{D UJ ) 
arithmetic operations. 

To the best of our knowledge, these complexities are the best ones for solving the PoSSo Problem [Q 
For example, in the case of field of characteristic zero, under the same hypotheses as in Theorem 11.11 one 
can now compute a univariate polynomial representation of the solutions in 0(D^) without assuming that 
the multiplicative structure of K[xi, . . . , x n ] is known. This can be compared to the method in [7] which, 
assuming the multiplicative structure of the quotient ring known, computes a parametrization of the solutions 
in O (n2 n Dz J. Noticing that under the hypotheses of Theorem ll.il n is of the order of log 2 (L>) and the 



algorithm in [7 ] has a complexity in O ( D 



Outline of the algorithms. In 2011, Faugere and Mou proposed in [21] another kind of change of or- 
dering algorithm to take advantage of the sparsity of the multiplication matrices. Nevertheless, when the 
multiplication matrices are not sparse, the complexity is still in 0{D 3 ) arithmetic operations. Moreover, 
these complexities are given assuming that the multiplication matrices have already been computed and 
the authors of 11211 do not investigate their computation whose complexity is still in 0(nD 3 ) arithmetic 
operations. In FGLM, the matrix-vectors products (respectively linear dependency tests) are intrinsically 
sequential. This dependency implies a sequential order for the computation of the matrix-vectors products 
(respectively linear dependency tests) on which the correctness of this algorithm strongly relies. Thus, in 
order to decrease the complexity to O (D u ) we need to propose new algorithms. 

To achieve result in Theorem II. II we propose two algorithms in 0{D UJ ), each of them corresponding to 
a step of the Algorithm [2] 

We first present an algorithm to compute multiplication matrices assuming that we have already com- 
puted a Grobner basis G. The bottleneck of the existing algorithm [ 19 1 came from the fact that nD normal 
forms have to be computed in a sequential order. The key idea is to show that we can compute simultane- 
ously the normal form of all monomials of the same degree by computing the row echelon form of a well 
chosen matrix. Hence, we replace the nD normal form computations by \og 2 {D) (we iterate degree by 
degree) row echelon forms on matrices of size (n D) x {nD + D). To compute simultaneously these normal 
forms we observe that if r is the normal form of a monomial m of degree d — 1 then m — r is a polynomial 
in the ideal of length at most D + 1; then we generate the Macaulay matrix of all the products xim — x%r 
(for % from 1 to n) together with the polynomials g in the Grobner basis G of degree exactly d. We recall 
that the Macaulay matrix of some polynomials I3T1I331 is a matrix whose rows consist of the coefficients 
of these polynomials and whose columns are indexed with respect to the monomial ordering. Computing a 
row echelon form of the concatenation of all the Macaulay matrices in degree less or equal to d enable us to 
obtain all the normal forms of all monomials of degree d. This yields an algorithm to compute the multipli- 
cation matrices of arithmetic complexity 0{dn LJ D UJ ) where d is the maximal degree of the polynomials in 
G; note that this algorithm can be seen as a redundant version of F4 or F5. 

In order to prove Theorem II .21 we use the fact that, in a generic case, only the multiplication matrix by 
the smallest variable is needed. Surprisingly, we show (Theorem 17 .11 1 that, in this generic case, no arithmetic 
operation is required to build the corresponding matrix. Moreover, for non generic polynomial systems, we 
prove (Corollary [3) that a generic linear change of variables bring us back to this case. 

The second algorithm (step 2 of Algorithm [2]) we describe is an adaptation of the algorithm given in fZT\ 
when the ideal is in Shape Position. Once again only the multiplication matrix by the smallest variable 
is needed in this case. When the multiplication matrix T of size D x D is dense, the 0{D 3 ) arithmetic 
complexity in ll2~T1l came from the 2D matrix- vector products T l r for i = 1, . . . , 2D where r is a col- 
umn vector of size D. To decrease the complexity we follow the Keller-Gehrig algorithm [27]: first, we 



compute T 2 ,T A , . . . ,T 2 ° g2 using binary powering; second, all the products TV are recovered by com- 
puting log 2 D matrix multiplications. Then, in the Shape Position case, the n univariate polynomials of 
the lexicographical Grobner basis are computed by solving n structured linear systems (Hankel matrices) in 
OinD log|(D)) operations. We thus obtain a change of ordering algorithm (DRL to LEX order) for Shape 
Position ideals whose complexity is in O (log 2 (-D) {D u + n\og 2 {D)D)) arithmetic operations. 

Organization of the paper. The paper is organized as follows. In Section [2] we first introduce some 
required notations and backgrounds. Then, an algorithm to compute the LEX Grobner basis given the 
multiplication matrices is presented in Section [3] Next, we describe the algorithm to compute multiplication 
matrices in Section [4] Afterwards, their complexity analysis are studied in Section [5] where we obtain 
Theorem ll.il Finally, in Section[7]we show how to deduced {i.e. without any costly arithmetic operation) the 
multiplication matrix by the smallest variable. According to this construction we propose another algorithm 



for polynomial systems solving which allows to obtain the result in Theorem 1 1.21 

The authors would like to mention that a preliminary version of this work was published as a poster in 
the ISSAC 2012 conference flU. 



2 Notations and preliminaries 

Throughout this paper, we will use the following notations. Let K denote a field (for instance the rational 
numbers Q or a finite field ¥ g of characteristic p), and A = K[xi, . . . , x n ] be the polynomial ring in n 
variables with x\ > • • • > x n . Let X be an ideal of A; once a monomial ordering < is fixed, a reduced 
Grobner basis G< of X w.r.t. < can be computed. Moreover, we always consider reduced Grobner basis 
so henceforth, we omit the adjective "reduced". For instance, Gdri (resp. Gi ex ) denotes the Grobner basis 
of X w.r.t. the DRL order (resp. the LEX order). A monomial of K[x\, . . . , x n ] is a product of powers of 
variables and a term is a product of a monomial and a coefficient in K. We denote by LT<(/) the leading 
term of / w.r.t. the monomial ordering <. 

Definition 1 (Zero-dimensional ideal). Let X be an ideal of A. If X has a finite number of solutions, counted 
with multiplicities in an algebraic closure of K, then X is said to be zero-dimensional. This number, denoted 
by D, is also the degree of the ideal X.IfX is zero-dimensional, then the residue class ring Vx = A/X is a 
IK-vector space of dimension D. 

From G< one can deduced a vector basis of Vx. Indeed, the canonical vector basis of Vx is B = {1 = 
ei < • • • < 6£>} where ej are irreducible monomials (that is to say for alH G {1, . . . , D}, there is no g G G< 
such that LT<g divides 6j). 

Definition 2 (Normal Form). Let f be a polynomial in A. The normal form of f is defined w.r.t. a monomial 
ordering < and denoted NF < (f): NF < (f) is the unique polynomial in A such that no term of NF < (f) 
is divisible by a leading term of a polynomial in G> and there exist g G X such that f = g + NF < (f). 
That is to say, NF < is a (linear) projection of A on Vx- We recall that for any polynomials f,g,h we have 
NF < (fg)=NF < (NF < (f)g)=NF < (NF < (f)NF < (g)). 

Let ip be the representation of Vx as a subspace of K D associated to the canonical basis B: 



V x -»■ K D 



^ : I ^D _ _ r , t 



We call multiplication matrices, denoted T\, . . . ,T n , the matrix representation of the multiplication by 
xi, . . . , x n in Vx- That is to say, the i th column of the matrix Tj is given by ■0(NF < (etXj)) = [cfl ,... , cf D } 1 

hence, T k = (cff) 

\ l 'J Ji,j=l,...,D 

The LEX Grobner basis of an ideal X has a triangular form. In particular, when X is zero-dimensional, 
its LEX Grobner basis always contains a univariate polynomial. In general, the expected form of a LEX 
Grobner basis is the Shape Position. 

Definition 3 (Shape Position). An ideal of A is in shape position if its LEX Grobner basis is of the form 
G/e A - = {x\ — hi(x n ), . . . , x n -\ — h n -i(x n ), h n (x n )} where hi, ... , h n -\ are univariate polynomials of 
degree less than D and h n is a univariate polynomial of degree D. 

When the field K is Q or when its characteristic p is sufficiently large, almost all zero-dimensional ideals 
have, up to a linear change of coordinates, a LEX Grobner basis in Shape Position 1281 . A characterization 
of the zero-dimensional ideals that can be placed in shape position has been given in |6). A less general 



result H23II291 usually called the Shape Lemma is the following: an ideal X is said to be radical if for any 
polynomial in A, f k G 1 implies f £ X. Up to a linear change of coordinates, any radical ideal has a 
LEX Grobner basis in Shape Position. From now on, all the ideals considered in this paper will be zero- 
dimensional and will have a LEX Grobner basis in Shape Position. Moreover, we fix the DRL order for 
the basis of Vj that is to say that B = {ei, . . . , €£>} will always denotes the canonical vector basis of Vj 
w.r.t. the DRL order. Since for Shape Position ideals the LEX Grobner basis is described by n univariate 
polynomials we will call it the "univariate polynomial representation" of the ideal or, up to multiplicities, of 
its variety of solutions. 

In the following section, we present an algorithm to compute the LEX Grobner basis of a Shape Posi- 
tion ideal. This algorithm assumes the DRL Grobner basis and a multiplication matrix to be known. The 
computation of the multiplication matrices is treated in Section @] 



3 Univariate polynomial representation using structured linear algebra 

In this section, we present an algorithm to compute univariate polynomial representation. This algorithm 
follows the one described in II2TI . The main difference is that this new algorithm and its complexity study 
do not take into account any structure of the multiplication matrices (in particular any sparsity assumption). 

Let Giex = {h n (x n ),x n -i — h n -i(x n ), ... ,x\ — h\(x n )} be the LEX Grobner basis of Z. Given the 
multiplication matrices Ti, . . . , T n , an algorithm to compute the univariate polynomial representation has to 
find the n univariate polynomials h\,...,h n . For this purpose, we can proceed in two steps. First, we will 
compute h n . Then, by using linear algebra techniques, we will compute the others univariate polynomials 
h\,... , h n -\- 

Remark 1. In this section, for simplicity, we present a probabilistic algorithm to compute the univariate 
polynomial representation. However, to obtain a deterministic algorithm it is sufficient to adapt the de- 
terministic algorithm for radical ideals admitting a LEX Grobner basis in Shape Position given in H20V in 
exactly the same way we adapt the probabilistic version. 



3.1 Computation of h n 

To compute h n we have to compute the minimal polynomial of T n . To this end, we use the first part of the 
Wiedemann probabilistic algorithm which succeeds with good probability if the field IK is sufficiently large, 
see ED. 

Let r be a random column vector in K D and 1 = V>(1)* = [1,0,..., 0]*. If a = [oi, . . . , an] and 
b = [bi, . . . , bu] are two vectors of K D , we denote by (a, b) the dot product of a and b defined by (a, b) = 
Yli=i a ibi- If r l> • • • j r k are column vectors then we denote by (ri [ . . . |rjb) the matrix with D rows and k 
columns obtained by joining the vectors r-j vertically. 

Let S = [(r, Tnl) \ j = 0, . . . , 2D — 1] be a linearly recurrent sequence of size 2D. By using for 
instance the Berlekamp-Massey algorithm 041 . we can compute the minimal polynomial of S denoted p,. If 
deg(//(x n )) = D then we deduce that fi(x n ) = h n (x n ) E Gi ex since \i is a divisor of f n . 

In order to compute efficiently S, we first notice that (r, Tnl) = (T J r, 1) where T = T^ is the trans- 
pose matrix of T n . Then, we compute T 2 , T 4 , . . . , T 2 ° S2 using binary powering with [log 2 D] matrix 
multiplications. Similarly to 11271 . the vectors T^r for j = 0, . . . , (2D — 1) are computed by induction in 

7 



log 2 D steps: 



T 2 (Tr | r) 
T 4 (T 3 r | T 2 t \ Tt\ r) 



(T 3 r | T 2 r) 

(T 7 r | T 6 r | T 5 r [ T 4 r) 



2 riog 2 (o)i , 2 n°g2(D)i -i 



(T 2D 



-l. 



T 2D-2 r 



-, 2 riog 2 (D)i 



r) 



(3a) 



3.2 Recovering hi, ... ,/i n -i 

We write /ij = X^fc^o a i,k x n for i = 1, . . . ,n — 1 where a» € IK are unknown. We have for i = 1, . . . ,n— 1: 



D-l 



D-l 



Xi — hi <E Giex is equivalent to = NFd r i x« — Yj 



Q^j fcX r 



Til-J2 ai,kT*l . 



Multiplying the last equation by Tn for any j = 0, . . . , (D — 1) and taking the scalar product we deduce 
that: 

D-l D-l 

= (r,T^(ra)) - £ a 4 , fc (r,T n fe+ n) = (T^I-l) - £ a ijfe (T fe +^r, 1) (3b) 

fc=0 fc=0 

Hence, we can recover hi, for z = 1, . . . , n — 1 by solving ra — 1 structured linear systems: 



/ (T°r,Ta) \ / (T°r,l) (TV 1) 



CiA 



\ (T^r,T t l) J 



(T\l) (T 2 r,l) ... (T°r,l) 
V (T - 1 !-,!) (T D r,l) ... (T 2D - 2 r,l) / 



(3c) 



\ Cj,o-i / 



■H 



C; 



Note that the linear system Ocb has a unique solution since from [25 ] the rank of % is given by the 
degree of the minimal polynomial of S which is exactly D in our case. The following lemma tell us that we 
can compute Tjl without knowing Ti. 

Lemma 1. The vectors Til for i = 1, . . . , n — 1 can be read from Gdri- 

Proof. We have to consider the two cases NFd r i (xj) ^ Xi or NF^i (xj) = Xi. 

First, if NFd r i (xj) ^ x- t then there exists g G Gdri such that CTm (g) divides Xj. This implies that g is a 
linear equation: 



■^ /' 



+ ^J a i,j x j + «i,0 with Ojj € 



(3d) 



j>i 



Hence, NF dri (x;) = - ^™>j a^j - a ifi and Tjl = -[a ifi , 0, . . . , 0, a iii+1 , . . . , a;, n , 0, . . .]*. Otherwise 
NF drl (xi) = Xi so that Til = [0, . . . , 0, 1, 0, . . . , 0] 4 . □ 

Hence, once the vectors T J r have been computed for j = 0, . . . , (2D — 1), we can deduce directly the 
Hankel matrix % with no computation but scalar products would seem to be needed to obtain the vectors bj. 
However, by removing the linear equations from Gdri we can deduce the bj without arithmetic operations. 



Linear equations in Gdri- Let denote by L the set of polynomials in Gdri of total degree 1 (usually L is 
empty). We define £ = {je{l,...,n-l} such that NFdri (xj) / Xj} and C c = {1, . . . , n — 1}\£ so 
that {x{ | i G £} = LTd r i (L). In other words there is no linear form in Gdri with leading term Xi when 
ieC c . 

We first solve the linear systems (l3cT ) for i G C c : we know from the proof of Lemma [T] that Tjl = 
[0, . . . , 0, 1, 0, . . . , 0]'. Hence, the components (T^r, Tjl) of the vector bj can be extracted directly from 
the vector T J 'r. By solving the corresponding linear system we can recover hi(x n ) for all i G C c . 

Now we can easily recover the other univariate polynomials hi(x n ) for alii G C: by definition of C we 
have 

li = Xi + 2_j a i,j x j + ®i, n x n + «j i0 G L C Gdri with ai t j G K. 
je£ c 

Hence the corresponding univariate polynomial hi{x n ) is simply computed by the formula: hi{x n ) = 
— J2jeC c a i,jhj(x n ) — ai :n h n (x n ) — a^o- Hence we have reduced the number of linear systems (l3cl 
to solve from n — Hon — #£ — 1. 

We conclude this section by summarizing the algorithm to compute univariate polynomial representation 
in Algorithm |3] For a deterministic version of Algorithm |3] we refer the reader to Remark Q] In the next 
section, we discuss how to compute the multiplication matrices. 

Algorithm 3: Univariate polynomial representation 
Input : The multiplication matrix T n and the DRL Grobner basis Gdri of an ideal X. 
Output: Return the LEX Grobner basis Gi ex of Z or fail. 

1 Compute T 21 for i = 0, . . . , log 2 D and compute T-'r for j = 0, . . . , (2D — 1) using induction (l3al ). 
Deduce the linearly recurrent sequence S and the Hankel matrix % ; 

2 h n (x n ) := BerlekampMassey(S) ; 

3 if deg(h n ) = D then 

4 

5 
6 

7 
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Let £ c = {jG{l,...,n-l} such that NF dr i (xj) = Xj} and C = {1, . . . , n - 1}\C C ; 
for j G C c do 

Deduce Tj 1 and bj then solve the structured linear system % Cj = hj ; 

hj(x n ) := X^i=o c i:* x n wnere c j,« is the ith component of the vector a,-; 
for j g £ do 

hj(x n ) := — X^?.g£ c a j^i{ x n) — oij^ n h n (x n ) — aijfi where a^j is the ith coefficient of the 

linear form whose leading term is Xj ; 

return [x\ - hi(x n ),... ,x n -i - h n -i(x n ), h n (x n )]; 



li else return fail; 



4 Multiplication matrices 

4.1 The original algorithm in 0(nD 3 ) 

To compute the multiplication matrices, we need to perform the computation of the normal forms of all 
monomials eiXj where 1 < i < D and 1 < j < n. 



Proposition 1 ( |fl9l ). Let F = {eiXj \ 1 < i < D, 1 < j < n} \ B be the frontier of the ideal. Let 

t = €{,Xj G F then 

I. either t = LT^i id) for some g G Gdri hence, NF^ri (t) = t — g; 



//. or t = Xkt' with t' G F and deg(t') < deg(t). Hence, ifNF dr i{t') = ^2i = \Onei with e s < dr i t', 
NF drl (t) = NF M {x k NF M (f)) = J2 s l=1 aiNF dd (eix k ). 

From this proposition, it is not difficult to see that the normal form of all the monomials eiXj can be 
easily computed if we consider them in increasing order. Indeed, let t = eiXj for some i G {1, . . . , D} 
and j G {1, . . . , n}. Assume that we have already computed the normal form of all monomials less than 
t and of the form Ci'Xji. If t is in B or is a leading term of a polynomial in Gdri then its normal form is 
trivially known. If t is of type ^ of Proposition Q] then t = x^t' with t' <d r i t hence NFdri (£') = Ylt=i a i e i 
is known. Finally, NFdri (t) = Yli=i a i^^dri (%k£i) with x^f-i <dri x^t' = t for all Z = 1, . . . , s. Thus 
the normal forms of x^f-i are known for all I = 1, . . . , s and we can compute NFdri (t) in D 2 arithmetic 
operations. This yields the algorithm proposed in [19|. However, since the cardinal of the frontier F can be 
bounded by n D the overall complexity is 0(nD 3 ) arithmetic operations. 

4.2 Computing the multiplication matrices using fast linear algebra 

Another way to compute the normal form of a term t is to find the unique polynomial in the ideal whose 
leading term is t and the others terms correspond to monomials in B. Hence, to compute the multiplication 
matrices, we look for the polynomial t — NFd r i (t) for any t in the frontier F (see Proposition [Q). Therefore, 
to compute these polynomials we proceed in two steps. First, we construct a polynomial in the ideal whose 
leading term is t. If t is the leading term of a polynomial g in Gdri then the desired polynomial is g itself. 
Otherwise, t is of type HT1 of Proposition [T1 and t = x^t' with t' G F and deg(t') < deg(t). We will proceed 
degree by degree so that we can assume we know a polynomial /' in the ideal whose leading term is t'; then 
the desired polynomial is / = x^f . Next, once we have all the polynomials / with all possible leading 
terms t of some degree d, we can recover the canonical form t — NFdri {t) by reducing / with respect to 
the others polynomials whose leading terms are less than t. By computing a reduced row echelon form 
of the Macaulay matrix (the matrix representation) of all these polynomials, we can reduced all of them 
simultaneously. 

Following the idea presented above, we can now describe Algorithm [4] for computing all the multipli- 
cation matrices T^. Assuming that F is sorted in increasing order w.r.t. <dri, we define the linear map 
0: 

/ A -> K D +# F \ 

Let M be a row indexed matrix by all the monomials in F. Let m be a monomial in F and i the position of 
m in F, M[m] denotes the row of M of index m i.e. the (#F — i + l) th row of M containing a polynomial 
of leading term m. If T is a matrix, T[*, i] denotes the i th column of T. 

Proposition 2. Algorithm\4\is correct. 

Proof. The key point of the algorithm is to ensure that for each monomial in F its normal form is computed 
and stored in NF before we use it. We will prove the following loop invariant for all d in {<i m i n , . . . , d max }. 

Loop invariant: at the end of step d, all the normal forms of the monomials of degree d in the frontier F 
are computed and are stored in NF. Moreover, the m row of the matrix M contains <ft(m — NF^i (m)) for 
any monomial m G F d . 

First, we assume that d = cZ m i n . Then, each monomial t of degree d in F is of type (Q]) of Proposition [Q 
Indeed, if t was of type dTTJ) then there exists t' in F of degree d — 1 which divides t. This is impossible 
because t' G ^d min -i = 0- Hence, the normal form of t for t G F^^, is known and M[t] contains <fi{g) with 
g the unique element of Gdri such that LTd r i (g) = t. Hence, M[t] = <p(g) = <ft(t — NFd r i (£)). Moreover, 
since Gdri is a reduced Grobner basis , the matrix M is already in reduced row echelon form. Thus, the loop 
in Line |3 updates NF[t] for all t G F d . 

10 



Algorithm 4: Building multiplication matrices (in the following 
gives details about pseudo code on the left side). 



does not mean parallel code but 



Input : The DRL Grobner basis Gdri of an ideal X. 
Output: The n multiplication matrices T\, . . . , T n . 
l Compute B = {ei < ■ ■ ■ < ejj} and F = {x;€j \ i - 



l,...,nzDdj = l,...,D}\B,S:=#F; 



2 d min := min({deg(t) | t G F}); ci max := max({deg(i) | t G F})\ NF := []; 

3 M := the zero matrix of size nD x (n + 1)D row indexed by all the monomials in F; 

4 for d = d min to d max do 
s F d := Sort({t G F | deg(t) = d}, < dr i) ; 
6 for m £ Fj do 



8 

9 

10 



Check if we can find: 

(i)g £ Gdri such that LTdri (g) — m 
(ii) t' 6 F such that m = Xkt' 

Add the corresponding row to the matrix M; 



M := ReducedRowEchelonForm(M) 
for i = 1 to Sd do 

I Read NF dri (m) from M; 



ii Construct T x , . . . , T n from NF; 



return T 



i J -ni 



if m = LTrf r ; (<?) then 
|_ M[m] := 0(fl); 

else 

Find Kfe and t' 6 Fd-i such that m = Xkt'\ 
M[m] := d>(m - XhW[t']); 



NF[m]:=-j:f^M[m,S + 3}e, 



for e in B do NF[e] := e; 
for t w fuBdo 

for a;, 5.f. x% divides t and ■ 
I 7M*,j] : =vKNF[i]); 



e, G B do 



Let d > dmin, we now assume that the loop invariant is true for any degree less than d. For all t G F d 
the t th row of M contains either <j>{t - NF dri (t)) if t is of type dU) or 0(t - x fc NF[t']) if t is of type CD). 
Since deg(t') = d — 1, by induction its normal form is known and in NF Hence NF[i'] = NF^ri (t') and 
M[t] = 4>(xk(t' — NF^i it'))- A first consequence is that, before Line[8j since we sort F^ at each step, M 
is an upper triangular matrix with M[t,t] = 1 for all t G Fd, see Figured] Note that sorting F d is required 



D 



only to obtain this triangular form. Let / be the polynomial NFd r i (£'). Writing / = X^i=i ^j e j we nave 



that Xj = if deg(ej-) > d since deg(NF dri (*')) < deg(i') = d - 1. So that / = Y?j=\ x j e j such that 
deg(ej) < d when j < k. Now for all j such that 1 < j < A; we are in one of the following cases: 

1. Xfcefc G B so that NFd r i (a^fcEfc) = ^fcefc is already reduced. 



2. a^e/- G i 7 . Since d' 
added to M. 



deg(x / te / fc) < d it implies that £&£& G F^ so that the row Mfx^efc] has been 



Moreover, since each row of the matrix M contains polynomial in the ideal (Gdri) after the computation 
of the row echelon form, the rows of the matrix M contain also polynomials in (Gdri) being linear combina- 
tion of the previous polynomials. Hence, after the computation of the row echelon form of M, the row M[t] 
is equal to cp(t — NFdri (£))• 

By induction, this finishes the proof of the loop invariant and then of the correctness of Algorithm @] □ 

5 Polynomial equations with fixed degree: the tame case 

The purpose of this section, is to analyze the asymptotic complexity of Algorithm [3] and Algorithm [4] when 
the degrees of the equations of the input system are uniformly bounded by a fixed integer d > 1 and to 
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establish the first main result of this paper. 

5.1 General Complexity analysis 

We first analyse Algorithm [3] to compute the univariate polynomial representation given the last multiplica- 
tion matrix. 

Proposition 3. Given the multiplication matrix T n and the DRL Grobner basis Gdri of an ideal in Shape 
Position, its LEX Grobner basis can be probabilistically computed in 0(log 2 (D) (D u +n log 2 (D)D)) where 
D is the number of solutions. Expressed with the input parameters of the system to solve the complexity is 
0{ndy n ) where d > 1 is a (fixed) bound on the degree of the input polynomials. 

Proof. As usual T = T^ is the transpose matrix of T n . Using the induction (l3al) . the vectors T J r can be 
computed for all j = 0, . . . , (2D — 1) inO(log 2 (D)D u) ) field operations. Then the linear recurrent sequence 
S and the matrix % can be deduced with no cost. The Berlekamp-Massey algorithm compute the minimal 
polynomial of S in 0(D log|(D)) field operations Il8ll25l. 

As defined in Section [3^21 C = {j € {1, . . . , n — 1} such that NFd r i (xj) ^ Xj} and C c = {1, . . . , n — 
1}\£. The right hand sides of the linear systems bj can be computed without field operations when i € 
C c . Since the matrix H is a non singular Hankel matrix, the #C C linear systems (l3cT l can be solved in 
0(#£ c log 2 (D)D) = 0(nlog 2 (D)D) field operations. Then, to recover all the hi(x n ) for i € C we 
perform 0(#£#£ C D) = 0(n 2 D) multiplications and additions in K. 

Since the Bezout's bound allows to bound D by d n with d a fixed integer we have log 2 (-D) < n log 2 (d) 
and the arithmetic complexity of Algorithm [3] is 0(log 2 (D)(D UJ + nlog 2 (-D)-D)) which can be expressed 
in terms of d and n as 0(nd^ n ). □ 

Note that the deterministic version, mentioned in Remark [Q have a complexity in 0(log 2 {D)D u + 
D 2 (n + log 2 (-D) log 2 (log 2 (-D)))) arithmetic operations, thanks to induction (l3aT l and section 3.2.2 in [20]. 
This deterministic version computes the LEX Grobner basis of the radical of the ideal in input when the 
ideal is in Shape Position,. In our case, this is not restricting since in Problem [T]we assume that all the roots 
of the system are simple which is equivalent to say that the ideal generated by the polynomial is radical. 

Proposition 4. Let T n be the multiplication matrix and Gdrl be the DRL Grobner basis of a radical ideal 
I in Shape Position. There is a deterministic algorithm which computes the LEX Grobner basis of I in 
0(\og 2 {D)D Uj + D 2 (n + log 2 (D) log 2 (log 2 (£>)))) (or in O^nd^)) arithmetic operations in K. 

Now, to complete the first algorithm, we deal with the complexity of Algorithm H] to compute the mul- 
tiplication matrices. Note that in proposition [3] and [4] only the last matrix T n is needed. Before to consider 
the complexity of Algorithm |4j we first discuss about the complexity of computing B and F. 

Lemma 2. Given G c iri (resp. B) the construction ofB (resp. F) requires at most 0(w?D 2 ) (resp. 0(nD 2 + 
n 2 D)) elementary operations which can be decreased to 0(nD) (resp. 0(n 2 D)) elementary operations if 
a hash table is used. 

Proof. It is well known that the canonical basis B can be computed in polynomial time (but no arithmetic 
operations). Nevertheless, in order to be self contained we describe an elementary algorithm to compute B. 
We start with the monomial 1 and we multiply it by all the variables Xi which gives n new monomials to 
consider. If the new monomials are not divisible by a leading term of a polynomial in Gdd then we keep it 
otherwise we discard it. At each step we multiply by the variables xi only the monomials of highest degree 
that we have kept and we proceed until the step where all the new monomials are discarded. Hence, we 
have to test the irreducibility of all the elements in F U B whose total number is bounded by (n + \)D. 
Since LTdri (Gdri) C F we can bound the number of elements of Gdri by nD. Therefore, to compute B we 
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have to test the divisibility of (n + 1)D monomials by at most nD monomials. Hence, the construction of 
B can be done in 0(n 3 D 2 ) elementary operations. Note that by using a hash table and assuming we have 
no memory limit, for each monomial we can test its divisibility by a leading term of polynomials in Gdri in 
0(1) operations. In that case B can be constructed in 0(nD) elementary operations. 

From B, the construction of F requires nD monomials multiplications i.e. n 2 D additions of integers. 
Moreover, removing B of F can be done by testing if (n + \)D monomials are in B in at most 0(nD 2 ) 
elementary operations which can be decreased to 0{nD) if we use a hash table. □ 

Now we seen how constructing B and F, the complexity of Algorithm |4] is treated in the following 
proposition. 

Proposition 5. Given the DRL Grobner basis Gdri of an ideal, we can compute all the multiplication ma- 
trices in 0((<i max — d m \ n )n u - 'D^) (or in 0((d max — ^min)^^™)) arithmetic operations in K where d max 
(resp. d m \ n ) is the maximal (resp. the minimal) degree of all the polynomials in G c irh 

Proof. Algorithm H] computes all the multiplication matrices incrementally degree by degree. The frontier 
F can be written as the union of disjoint sets F$ = {t G F | deg(t) = 6} so that we define ss := #F$ and 
S$ := Sd min + • • • + ss- The cost of the loop at Line@]is, at each step, given by the complexity of computing 
the reduced row echelon form of M . In degree 5 the shape of the matrix M is depicted on Figured] where 
Id(S , 5_i) is the Ss-i X Ss-i identity matrix, 0(S' ( 5_i) is the Ss-i X ss zero matrix, T is a sg X ss upper 
triangular matrix and B, C, D are dense matrices of respective size ss X Ss~\, ss x D, Ss~i x D. 



M : 
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Figure 1: Shape of the matrix M of Algorithmic 

Consequently the reduced row echelon form of M can be obtained from the following formula: 

T- l (C-BD) 



ReducedRo wEchelonForm ( M ) 



ld(S 5 ) 



D 



Since sg < Ss < <S*rf max < nD we can bound the complexity of computing the reduced row echelon form of 
M by Oin^D^). From Lemma [2j the costs of the construction of B and F are negligible in comparison to 
the cost of loop in Line [4] which therefore gives the complexity of Algorithm [4J 0((d max — <i m i n )n w Z) w )) 



arithmetic operations. Since D < d n , this complexity can be written as 0(((4 



dminKd^). 



D 



5.2 Complexity for regular systems 

Regular systems form an important family of polynomial systems. Actually, the complexity of computing 
a Grobner basis of a regular system is well understood. Since the property of being regular is a generic 
property this also the typical behavior of polynomial systems. 



Definition 4. A sequence of non zero homogeneous polynomials (/i, . . . , f m ) G A m is regular if for all 
i = 1, . . . , m — 1, /i+i does not divide in A/ (/i, . . . , /j). A sequence of non zero affine polynomials is 

ft 



regular if the sequence (/f, . . . , fj^) is regular where f^ is the homogeneous part of highest degree of /j. 
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For regular systems we can bound accurately the values of d max which is the maximal degree of Gdri 
and we can proof the first main result of this paper. 

Theorem 5.1. Let S = {/i, . . . , f n } be a polynomial system generating a radical ideal admitting a LEX 
Grobner basis in Shape Position. Assume that (/i, . . . , f n ) is a regular sequence of polynomials whose 
degrees are uniformly bound by a fixed integer d i.e. deg(/j) < d for i = 1, ... ,n. The univariate 
polynomial representation of all the solutions of S can be computed using a deterministic algorithm in 
0{d uin + (dn U}+l + \og 2 (D))D UJ ) arithmetic operations in K 

Proof. For regular systems d max can be bounded by the Macaulay bound (UHl: d max < Ya=i (deg(/«) ~~ 
1) + 1 < n(d — 1) + 1 . Given the system S the complexity of computing the DRL Grobner basis of (S) is 
bounded by Q : 

o(( n+d —Y)=o(( nd+1 Y)=o( d n 



n J J \ \ n 

arithmetic operations. 

From this DRL Grobner basis, according to Proposition [5] the multiplication matrix T n can be computed 
in 0(dn UJ+1 D u) ) arithmetic operations. 

Finally, from T n and the DRL Grobner basis, thanks to Proposition |4]the univariate polynomial represen- 
tation can be computed by a deterministic algorithm in 0(log 2 (D)D w + D 2 (n + log 2 (-D) log 2 (log 2 (D)))) 
arithmetic operations. Since, F\ |[T6l . F^ ifTTl and Algorithm @] are deterministic algorithms this finishes the 
proof. □ 

Among regular systems, there are generic systems. A generic systems is a sequence of dense polyno- 
mials whose coefficients are unknowns or any random instantiations of these coefficients. Let di = deg(/j) 
for all i = 1, . . . , n. Since the Bezout's bound allows to bound the number of solutions D by YYi=\ di < d n 
and since this bound is generically reached, we have genetically that D = YIi=i ^ — ^™ an( ^ we § et tne 
following corollary. 

Corollary 1. Let K be the rational field Q or a finite field ¥ q . Let S = {/i, . . . , /„} C K[xi, . . . , x n ] be 
a generic polynomial system generating an ideal I = (S) of degree D.lfX admits a LEX Grobner basis 
in Shape Position and if the degree of each polynomial in S is uniformly bounded by a fixed integer d then 
there exists a deterministic algorithm which computes the univariate polynomial representation of the roots 
of S in 0{D U ) arithmetic operations where the notation O means that we neglect logarithmic factors in D 
and polynomial factors in n. 

In the next section, we study a first step towards the generalization of Theorem 15.1 I to polynomial systems 
with equations of non fixed degree. More precisely, we are going to discuss what happens if one polynomial 
have a non fixed degree i.e. its degree depends on a parameter (for instance the number of variables). In this 
case, Theorem 5.1 does not apply but we present other arguments in order to obtain a similar complexity 
results for computing Gi ex given Gdri and new ideas for its generalization. 

6 A worst case ultimately not so bad 

Weconsider, for instance, the following pathological case: deg(/ii) = • • • = deg(/i n _i) = 2 anddeg(/i n ) = 
2 n . Then, D = 2 2n ~ 1 , d m - m = 2 and d max = 2 n + n — 1. In this context, the complexity of computing 
Giex given G^i seems to be in 0(log2 {D)D w+ z) arithmetic operations. However, we will show that an 
adaptation of Algorithm fallows to decrease this complexity. 

In (35], Moreno-Socias studied the basis of the residue class ring A/1, w.r.t. the DRL ordering, for 
generic ideals. In particular, he shows that when the smallest variable x n is in abscissa any section of the 
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stairs of X has steps of height one and of depth two. That is to say, for any variable Xi with i < n and for 
all instantiations of the others variables ({x± , . . . , x n -i } \ {xj}) the associated section of the stairs of X has 
the shape in Figure |2] 




M 

(defined in Prop. [6} 



LTd,i (g) for some g G 
Element of B 



Figure 2: Section of the stairs of generic ideals with deg(xj) fixed for all j G {1, . . . , n 
This shape is summarized in Proposition [6] 



1}\». 



{m 



„a\ 



x%£ | mxi E B}. Let 5 = £? =1 (deg(fc 
= 5 — 2a, then 



Proposition 6 (Moreno-Socias 11351 '). Let Bi 

1), 5* = Er=i 1 ( de g( /l i) - !) anda = min (5*, [f J). Let p 

a. JBq = • • • = -B^ a«<i -Bj = B^ifor p < i < 5 and i ^ 5 mod 2; 

ft. The leading term of polynomials in Gdri of degree in x n have degree at most a + 1 
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c. 77je leading term of polynomials in G^ri of degree a in x n with p, < a < 5 + 1 with a ^ 5 mod 2 are 
all of total degree d + a where d = max(deg(m) | m £ i? a _i). Moreover, all these leading terms are 
exactly given by t = mx^for all m € B a _i of degree d; 

d. There is no leading term of polynomials in &dri of degree 1 , . . . , pi in x n or of degree a in x n with 
a>5 + lorjjL<a<5 and a = 5 mod 2. 

In our case, we have (i max = S + 1, 5* = n — 1, 5 = 2 n -\- n — 2, a = n — 1 and fi = 2 n — n. We 
can note that in this particular case, p is very large which implies that a large part of the monomials of the 
form eiXj are actually in B. We will show that in Algorithm @] instead of computing the loop in Line@]for 



d = dr. 



> "max 



we can perform it only on restricted subset d = d n 



,o-(n-l) + l,fJL+l,...,dn 



By consequence, the complexity of computing Gi ex given Gdri will be in 0((d n 



p + a(n - 1) 



dmin)n w D w ) = 0{log% +z (D)D") with d max -p + a (n-l)-d n 



n 



2 - log^(D). 



Lemma 3. Given the normal form of all monomials in F of degree less or equal to o~{n — 1) + 1 we can 
compute all the normal forms of all monomials in F of degree less or equal than p in less than 0(nD 2 ) 
arithmetic operations. 

Suppose that we know the normal form of the monomials of the forms E{Xj of degree less than p which 
are not divisible by x n . From these normal forms, the idea of the proof is to show that the normal form of all 
the monomials of the form e-iXj of degree less than p and of degree a n > in x n is given by x" n NFdri (t) 
where NFdri (t) is assumed to be known. 

Proof. Let t G F of degree less or equal to p. First, assume that x n does not divide t. As I is zero 
dimensional, there exists rji,. . . , r} n -\ € N such that xf is a leading term of a polynomial in Gdri- Moreover, 
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from Proposition |6j r\{ < a. Hence, for all e G Bq, deg(e) < a(n — 1). The monomials in F not divisible by 
x n are all of the form x^e with i = 1, . . . , n— 1 and e € -Bo- Thus deg(i) < a(n — 1) + 1 and by hypothesis, 
its normal form is known. 

Suppose now that x n divides t and t is of typeHJof Proposition [Q We can write t = x"t' where a G N* 
such that x n \ t'. From Proposition [6] item ©, t' is a leading term of a polynomial in (Gdri)- Moreover, 
t G F so t = Xi€ with e £ B. Suppose that i = n hence, -p- = e = x" _1 £' G (Gdri) which is impossible. 
Thus, i ^ n and we have, i' = \ = x^e' € F with e* = ^ e B, Therefore, from the first part of this proof, 
NF dri (£') = J2t=i a i £ i> «i e IK is known. Finally, NF^ (t) = Ylt=i a* NF dri {x^i) with deg(x£e;) < /i. 
Let ki be such that x% |e* and x^ +1 f e« as 5 fe . = -B fc . +Q then x£e; G 5 and NF dr i (t) = J2t=i a i x n e i- 

By consequence, computing the normal form of t can be done in less than D arithmetic operations. As 
usual, we can bound the size of F by nD which finishes the proof. □ 

One can notice that Algorithm [3] - which computes univariate polynomial representation - takes as 
input only the multiplication matrix by the smallest variable. Thus in the proof of Theorem 15. II we did not 
fully take advantage of this particularity. Hence, the next section is devoted to study if this matrix can be 
computed more efficiently than computing all the multiplication matrices. By studying the structure of the 
basis of the K-vector space A/1 we will show that, up to a linear change of variables, T n can be deduced 
from Gdri- In the previous results, the algorithm restricting the order of magnitude of the degrees of the 
equations is Algorithm |4] to compute the multiplication matrices. Since, we need only T n which can be 
computed very efficiently, the impact of such a result is that there exists a Las Vegas algorithm extending 
the result of Theorem l5.1l to polynomial systems whose equations have non fixed degree. 

7 Polynomial equations with non-fixed degree: the wild case 

In this section, in order to obtain our main result, we consider initial and generic ideals. The initial ideal 
of X, denoted in<(X), is defined by in<(Z) = {LT<(/) | / € X}. A minimal set of generators of in<(Z) 
is denoted E (I), and is given by the leading terms of the polynomials in the Grobner basis of 1 w.r.t. the 
monomial ordering <. To compute the multiplication matrix T n we need to compute the normal forms of 
all monomials e«x n for i = 1, . . . , D with ej G B. As mentioned in Section [4] a monomial of the form ejX n 
can be either in B or in E (1) or in in<(X) \ E (I). As previously shown, the difficulty to compute T n 
lies in the computation of the normal forms of monomials e,x n that are in in<(I) \ E (X)). In this section, 
thanks to the study of the stairs, i.e. B, of generic ideals by Moreno-Socias, see Section |6l we first show 
that for generic ideals, i.e. ideals generated by generic systems (as defined in Section l5^2l ). all monomials of 
the form ejX n are in B or in E (X)). Hence, the multiplication matrix T n can be computed very efficiently. 
Then, we show that, up to a linear change of variables, this result can be extended to any ideal. According 
to these results, we finally propose an algorithm for solving the PoSSo problem whose complexity allows to 
obtain the second main result of this paper. 

7.1 Reading directly T n from the Grobner basis 

In the sequel, the arithmetic operations will be the addition or the multiplication of two operands in K that 
are different from ±1 and 0. In particular we do not consider the change of sign as an arithmetic operation. 

Proposition 7. Let Xbe a generic ideal. Let t be a monomial in E (I) i.e. a leading term of a polynomial 
in the DRL Grobner basis of I. Ifx n divides t then for all k G {1, . . . , n — 1}, — G in^ri (X). 

Proof. This result is deduced from the shape of the stairs of X (see Figure |2]for a representation in dimension 
2). Let t = x" 1 • • • x° n be a leading term of a polynomial in Gdri divisible by x n i.e. a n > and m = 
Xi 1 ■ ■ ■ x^T^ . We use the same notations as in Proposition [6] 
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From Proposition |6] item ©, since t G E(X) and a n > we have a n > p, and a n ^ 5 mod 2. 
Then, from Proposition [6] item flc}, deg(m) is the maximal degree reached by the monomials in B oln _ 1 . 
Thus Xkm ^ B anl for all A; G {1, . . . , n — 1}. As a consequence, for all k G {1, . . . , n — 1} we have 

Consequently, from the previous proposition, we obtain the following result. 

Theorem 7.1. Given Gdri the DRL Grobner basis of a generic ideal X, the multiplication matrix T n can be 
read from Gj r i with no arithmetic operation. 

Proof. Suppose that there exists i G {1, . . . , D} such that t = x n e« is of type dTTJ). Hence, t = mLTdri (g) 
for some g G G^i and deg(m) > 1 with x n \m (otherwise ej £ B). Then, there exists k G {1, . . . , n — 1} 
such that Xk \ m. By consequence, from Proposition |7] we have e« = — • — — ^^ G in^H (Z) which yields 
a contradiction. Thus, all monomials t = x n ei are either in B or in E(X) and their normal forms are known 
and given either by t (if t G B) or by changing the sign of some polynomial g G G^i and removing its 
leading term. Note that by using a linked list representation (for instance), removing the leading term of a 
polynomial does not require arithmetic operation. □ 

Thanks to the previous theorem, Algorithm |3]can be used to compute the LEX Grobner basis of a generic 
ideal: 

Corollary 2. Let X be a generic ideal in Shape Position. From the DRL Grobner basisG c i r i ofX, its LEX 
Grobner basis Gi ex can be computed in 0(log 2 (D)(D u ' + n log 2 (D)D)) arithmetic operations with a prob- 
abilistic algorithm or 0(\og 2 {D)D u) + D 2 (n + log 2 (-D) log 2 (log 2 (-D)))) arithmetic operations with a de- 
terministic algorithm. 

However, polynomial systems coming from applications are usually not generic. Nevertheless, this 
difficulty can be bypassed by applying a linear change of variables. Let g G GL(K, n) the ideal g ■ X is 
defined as follows g ■ X = {f(g- X) | /el} where X is the vector [x\, . . . , x n ]. By studying the structure 
of the generic initial ideal of X - that is to say, the initial ideal of g ■ X for a generic choice of g - we will 
show that results of Proposition [TJand Theorem 17.1 l ean be generalized to non generic ideals, up to a random 
linear change of variables. Indeed, in ll22l Galligo shows that for the characteristic zero fields, the generic 
initial ideal of any ideal satisfies a more general property than Proposition [7] Later, Pardue ll38l extends this 
result to the fields of positive characteristic. 

Definition 5. Let IK be an infinite field and X be an homogeneous ideal ofK[x\,..., x n ]. There exists a 
Zariski open set U C GL(K, n) and a monomial ideal J such that in^ri (g ■ X) = J for all g G U. The 
generic initial ideal ofX is denoted Gin(X) and is defined by J. 

The next result, is a direct consequence of J5]|22l|38] and summarized in lfT31 p.35 1-358]. This result 
allows to extend, up to a linear change of variables, Proposition |7]to non generic ideals. 

Theorem 7.2. Let K be an infinite field of characteristic p > 0. Let X be an homogeneous ideal of 
K.[xi, . . . , x n ] and J = Gin(X). For the DRL ordering, for all generators m of J, if x\ divides m and 
x^ does not divide m then for all j < i, the monomial —m is in J^ift^O mod p. 

Let / = Yli=o fi ^ e an affine polynomial of degree d of A where fi is an homogeneous polynomial of 
degree i. The homogeneous component of highest degree of /, denoted f h , is the homogeneous polynomial 
fd- Let X be an affine ideal i.e. generated by a sequence of affine polynomials. In the next proposition we 
highlight an homogeneous ideal having the same initial ideal than X This allows to extend the result of 
Theorem l7T2~1 to affine ideals. 
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Proposition 8. Let X = (/i, . . . , / s ) &e arc fljf/iwe /JeaZ. If {f\, . . . , f s ) is a regular sequence, then there 
exists a Zariski open set U a C GL(K, n) such that for all g G U a , E {g ■ X) = E {Gin (X )), 

Proof. Let / be a polynomial. We denote by f h the homogeneous component of highest degree of / 
and f a = f - f h . Let t G m dH (X), there exists / G X such that LT dr i (/) = t Since, / G X and 
(/{*, . . . , fs) is assumed to be a regular sequence then there exist h\,...,h s G K[jci, . . . , x n ] such that 
/ = Ei=i fc/< = £J=i >*/* + £*=l fc/f with deg(^/i) < deg(/) for alH G {1, . . . , s} and there exists 
j G {1, . . . , s} such that deg(hjfj) = deg(/). By consequence, / Si=i ^/i* e -^ where X h is the 
ideal generated by {#, . . . , / s h } and LT drl (/) = LT drl (£* =1 h t f t h ). Thus, in dri (X) C m drl (l h ). It is 
straightforward that in^z {X h ) C in^z (X) hence in^z (X' 1 ) = in^ r / (X). 

For all g G GL(K, n), since g is invertible the sequence (g ■ /i, . . . ,g ■ f s ) is also regular. Indeed, if 
there exists i G {1, . . . , s} such that g ■ /j is a divisor of zero in K[xi, . . . , x n ]/ {g ■ fi,- ■ ■ ,g ■ fi) then /j is 
a divisor of zero in K[xi, . . . , x n ]/ (/i, . . . , /«}. Hence, 

m^(3-X) =in dri ((g-l) h 



Moreover, g is a linear change of variables thus it preserves the degree. Hence, for all / G X, we have 
{g ' f) h = 5 ' f h - Finally, let U a be a Zariski open subset of GL(K, n) such that for all g G f7 , we have 
the equality in^ r / (g ■ I h ) = Gin(Z h ). Thus, for all g G U a , we then have in^^ (g ■ X) = in^ r ; ((<? • X) 71 ) = 
in dW (g ■ l h ) = Gin(X h ). □ 

Hence, from the previous proposition, for a random linear change of variables g G GL(K, n) we have 
m dri {g ' Z) = Gin (l h )- Thus from Theorem 17.21 for all generators m of in^ r ^ (g ■ X) (/.e m is a leading 
term of a polynomial in the DRL Grobner basis of g ■ X) if x^ divides m and x 1 ^ 1 does not divide m then for 
all j < n we have jp-m G in^rf (g ■ X) if i ^ mod p. Therefore, in the same way as for generic ideals, 
the multiplication matrix T n of g ■ X can be read from its DRL Grobner basis. This is summarized in the 
following corollary. 

Corollary 3. Let K be an infinite field of characteristic p > 0. Let I be a radical ideal of M.[xi, . . . , x n ]. 
There exists a Zariski open subset U ofGL(K, n) such that for all g G U, the arithmetic complexity of com- 
puting the multiplication matrix by x n of g ■ X given its DRL Grobner basis can be done without arithmetic 
operation. If p > this is true only if deg x (m) s^ mod pfor all m G E (g ■ I). Consequently, under 
the same hypotheses, computing the LEX Grobner basis of g-X given its DRL Grobner basis can be bounded 
by 0(log 2 (D)(D UJ + nlog 2 (-D)-D)) arithmetic operations. 

Following this result, we propose another algorithm for polynomial systems solving. 

7.2 Another algorithm for polynomial systems solving 

Let S C K[xi, . . . , x n ] be a polynomial system generating a radical ideal denoted X. For any g G GL(K, n), 
from the solutions of g ■ X one can easily recover the solutions of X. Let U be the Zariski open subset of 
GL(K., n) such that for all g G U, in^/ {g-X) = Gin(X' 1 ). If g is chosen in U then the multiplication 
matrix T n can be computed very efficiently. Indeed, from Section 17.11 all monomials of the form eix n 
for i = 1, . . . , D are in B or in E (g ■ X) and their normal are easily known. Moreover, as mentioned in 
Section |2j there exists U' a the Zariski open subset of GL(K, n) such that for all g G U' the ideal g ■ X 
admits a LEX Grobner basis in Shape Position. If g is also chosen in U' then we can use Algorithm |3] to 
compute the LEX Grobner basis of g ■ X. Hence, we propose in Algorithm |5]a Las Vegas algorithm to solve 
the PoSSo problem. A Las Vegas algorithm is a randomized algorithm whose output (which can be fail) is 
always correct. The end of this section is devoted to evaluate its complexity and its probability of success 
i.e. when the algorithm does not return fail. 

Algorithm |5] successes if the three following conditions are satisfied 
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Algorithm 5: Another algorithm for PoSSo. 



Input : A polynomial system S C K[xi, . . . , x n ] generating a radical ideal. 

Output: g in GL(K, n) and the LEX Grobner basis of (g ■ S) i.e. a univariate parametrization of the 
solutions of S or fail. 

1 Choose randomly g in GL(K, n); 

2 Compute Gdri the DRL Grobner basis of g • <S; 

3 if T n can be read from Gdri then 

4 

5 
6 

7 



Extract T n from Gdri; 

From T n and Gdri compute Gi ex using Algorithm |3l 
if Algorithm [3] succeeds then return g and Gi ex ; 
else return fail; 

8 else return fail; 



1. 5 € GL(K, n) is chosen in a non empty Zariski open set U' such that for all g G U', g ■ T has a LEX 
Grobner basis in Shape Position; 

2. g € GL(K, n) is chosen in a non empty Zariski open set U such that for all g G (7, in^z (<? • X) = 

Gin(X h ); 

3. p = or p > and for all m € i£(g • 1), deg^. (m) ^ mod p. 

The existence of the non empty Zariski open subset U' is proven in ||23"1 . Conditions £Q) and (O are 
satisfied if g € U C\U'. Since, U and U' are open and dense, U n J7' is also a non empty Zarisky open set. 

7.2.1 Probability of success of Algorithm [5] 

Usually, the coefficient field of the polynomials is the field of rational numbers or a finite field. For fields of 
characteristic zero, if g is chosen randomly then the probability that the condition CQ) and (0) be satisfied is 
1. By consequence, the probability of success of Algorithm |3l in case of field of characteristic zero, is 1. 

For finite fields ¥ q , the Schwartz-Zippel lemma H391I44] allows to bound the probability that the condi- 
tions £[]) and (O do not be satisfied by - where d is the degree of the polynomial defining U D U'. Thus, in 
order to bound this failure probability we recall briefly how are constructed U and U'. 

Construction of U'. Let X = (/1, . . . , f n ) be a radical ideal of K[xi, . . . , x n ]. Since I is radical, all its 
solutions are distinct. Therefore, let {aj = (a^i, . . . , Oj in ) € K | fj(ax, . . . , a n ) = 0, j = 1, . . . , n} be 
the set of solutions of X (recall that its cardinality is D). Let g be a given matrix in GL(K, n). We denote by 
w« = {vi,i, ■ ■ ■ , Vi t n) the point obtained after transformation of a% by g, i.e Vi = g ■ a\. To ensure that g ■ X 
admits a LEX Grobner basis in Shape Position, g should be such that Vi jU ^ Vj >n for all couples of integers 
(i, j) verifying 1 < j < i < D. Hence, let g = (gjj) be a [n x n) matrix of unknowns, the polynomial Pjji 
defining the Zariski open subset U' is then given as the determinant of the Vandermonde matrix associated 
to Vj „ for i = 1, . . . , D where v, = (vji, . . . , Vj„) = g • a\. Therefore, we know exactly the degree of 

Pjji which is 2 

Construction of U. The Zariski open subset U is constructed as the intersection of Zariski open subsets 
Ui, . . . , Us of GL(K, n) where 5 is the maximum degree of the generators of Gin(l h ). Let d be a fixed 
degree. Let K[xi , . . . , x n ]d = Rd be the set of homogeneous polynomials of degree d of K[xx , . . . , x n ]. Let 
Gj rl be the DRL Grobner basis of l h and let {f 1 ,...J td } = G^, n R d be a vector basis of 1% = l h n R d - 
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Let g = (gjj ) be a (n x n) matrix of unknowns and let M be a matrix representation of the map Zj — > g -Z^ 
defined as follow: 




M = (Afij) = 

where My is the coefficient of toj in g • fi and {mi, . . . , m-Ar} is the set of monomials in R^. In |[5l[T5l. 
the polynomial Pjj d defining Ud is constructed as a particular minor of size td of M. Since each coefficient 
in M is a polynomial in Kfg^i, . . . , g n ,n] of degree <i, the degree of P^/ d is d ■ td- Finally, since Ud is open 
and dense for all d = 1, . . . , 5 we deduce that f7 = nf =1 C/rf is a non empty Zariski open set whose defining 
polynomial, Pjj, is of degree J2d=i d ■ td < 5J2 i=1 td- Moreover, the number of polynomials in G^ is 
bounded by nD. Thus, deg(P;j) < 5nD. 

For ideals generated by a regular sequence (/i,... , f n ), thanks to the Macaulay's bound, S can be 
bounded by Y17=i(d e g(fi) — 1) + 1- Note that the Macaulay's bound gives also a bound on deg Xn (m) 
for all m € E(g • Z). To conclude, the probability that conditions (Q]) and (0 be satisfied is greater than 

1 " I l 2 ^ 11 + (ET=i(deg(/*) - 1) + 1) no) ; and if p > £? =1 (deg(/0 " x ) + 1 then condition © is 



9 

satisfied. 

7.2.2 Complexity of Algorithm H 

As previously mentioned, the matrix T n can be read from Gdri (test in Line 3 of Algorithm [5]> if all the 
monomials of the form eix n are either in B or in E((Gfc\)). Let F n = {eiX n \ i = 1, . . . ,D}, the test 
in Line 3 is equivalent to test if F n C BU E((Gm})- Since F n contains exactly D monomials and 
B U E ((Gdri)) contains at most (n + 1)D monomials; in a similar way as in Lemma [2] testing if F n C 
B U E ((Gdri)) can be done in at most 0(nD 2 ) elementary operations which can be decreased to 0(D) 
elementary operations if we use a hash table. Hence, the cost of computing B, F n (see Lemma |2) and the 
test in Line 3 of Algorithm [5] are negligible in comparison to the complexity of Algorithm [3] Hence, the 
complexity of Algorithm [5] is given by the complexity of F5 algorithm to compute the DRL Grobner basis 
of g ■ 1 and the complexity of Algorithm [3] to compute the LEX Grobner basis of g ■ 1. From [31 1, the 
complexities of computing the DRL Grobner basis of g ■ 1 or 1 are the same. Since it is straightforward to 
see that the number of solutions of these two ideals are also the same we obtain the second main result of 
the paper. 

Theorem 7.3. Let K be the rational field Q or a finite field ¥ q of sufficiently large characteric p. Let 
S = {/1, . . . , /„} C K[xi, . . . , x n ] be a polynomial system generating a radical ideal X = (S) of degree 
D. If the sequence (f\, . . . , /„) is a regular sequence such that the degree of each polynomial is uniformly 
bounded by a fixed or non fixed parameter d then there exists a Las Vegas algorithm which computes the 
univariate polynomial representation of the roots ofS in 0(d un + \og 2 (D)(D u + nlog 2 (-D)-D)) arithmetic 
operations. 

As previously mentioned, the Bezout's bound allows to bound the number of solutions D by the product 
of the degrees of the input equations. Since this bound is generically reached we get the following corollary. 

Corollary 4. Let IK be the rational field Q or a finite field ¥ q of sufficiently large characteric p. Let S = 
{/1, . . . , f n } C K[xi, . . . , x n ] be a generic polynomial system generating an ideal I = (S) of degree D. 
If the degree of each polynomial in S is uniformly bounded by a fixed or non fixed parameter d then there 
exists a Las Vegas algorithm which computes the univariate polynomial representation of the roots of S in 
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0{D U ) arithmetic operations where the notation O means that we neglect logarithmic factors in D and 
polynomial factors in n. 
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